@vorim/sdk 3.5.0 → 3.6.1

Files changed (62)
  1. package/CHANGELOG.md +35 -0
  2. package/dist/_runtime-gate-DZQTkw4J.d.cts +11 -0
  3. package/dist/_runtime-gate-DZQTkw4J.d.ts +11 -0
  4. package/dist/index.cjs +13 -8
  5. package/dist/index.cjs.map +1 -1
  6. package/dist/index.d.cts +6 -233
  7. package/dist/index.d.ts +6 -233
  8. package/dist/index.js +13 -8
  9. package/dist/index.js.map +1 -1
  10. package/dist/integrations/anthropic.cjs +54 -5
  11. package/dist/integrations/anthropic.cjs.map +1 -1
  12. package/dist/integrations/anthropic.d.cts +30 -1
  13. package/dist/integrations/anthropic.d.ts +30 -1
  14. package/dist/integrations/anthropic.js +54 -5
  15. package/dist/integrations/anthropic.js.map +1 -1
  16. package/dist/integrations/crewai.d.cts +2 -1
  17. package/dist/integrations/crewai.d.ts +2 -1
  18. package/dist/integrations/langchain.cjs +12 -14
  19. package/dist/integrations/langchain.cjs.map +1 -1
  20. package/dist/integrations/langchain.d.cts +9 -1
  21. package/dist/integrations/langchain.d.ts +9 -1
  22. package/dist/integrations/langchain.js +12 -14
  23. package/dist/integrations/langchain.js.map +1 -1
  24. package/dist/integrations/langgraph.cjs +200 -0
  25. package/dist/integrations/langgraph.cjs.map +1 -0
  26. package/dist/integrations/langgraph.d.cts +20 -0
  27. package/dist/integrations/langgraph.d.ts +20 -0
  28. package/dist/integrations/langgraph.js +162 -0
  29. package/dist/integrations/langgraph.js.map +1 -0
  30. package/dist/integrations/llamaindex.cjs +3 -4
  31. package/dist/integrations/llamaindex.cjs.map +1 -1
  32. package/dist/integrations/llamaindex.d.cts +2 -1
  33. package/dist/integrations/llamaindex.d.ts +2 -1
  34. package/dist/integrations/llamaindex.js +3 -4
  35. package/dist/integrations/llamaindex.js.map +1 -1
  36. package/dist/integrations/openai.cjs +66 -11
  37. package/dist/integrations/openai.cjs.map +1 -1
  38. package/dist/integrations/openai.d.cts +37 -1
  39. package/dist/integrations/openai.d.ts +37 -1
  40. package/dist/integrations/openai.js +66 -11
  41. package/dist/integrations/openai.js.map +1 -1
  42. package/dist/integrations/siem.cjs +128 -0
  43. package/dist/integrations/siem.cjs.map +1 -0
  44. package/dist/integrations/siem.d.cts +57 -0
  45. package/dist/integrations/siem.d.ts +57 -0
  46. package/dist/integrations/siem.js +102 -0
  47. package/dist/integrations/siem.js.map +1 -0
  48. package/dist/integrations/stripe-acp.cjs +179 -0
  49. package/dist/integrations/stripe-acp.cjs.map +1 -0
  50. package/dist/integrations/stripe-acp.d.cts +69 -0
  51. package/dist/integrations/stripe-acp.d.ts +69 -0
  52. package/dist/integrations/stripe-acp.js +153 -0
  53. package/dist/integrations/stripe-acp.js.map +1 -0
  54. package/dist/integrations/vercel-ai.cjs +252 -0
  55. package/dist/integrations/vercel-ai.cjs.map +1 -0
  56. package/dist/integrations/vercel-ai.d.cts +67 -0
  57. package/dist/integrations/vercel-ai.d.ts +67 -0
  58. package/dist/integrations/vercel-ai.js +214 -0
  59. package/dist/integrations/vercel-ai.js.map +1 -0
  60. package/dist/types-B22WnXEW.d.cts +234 -0
  61. package/dist/types-B22WnXEW.d.ts +234 -0
  62. package/package.json +41 -1
@@ -0,0 +1,69 @@
1
+ import { VorimSDK } from '../index.cjs';
2
+ import '../types-B22WnXEW.cjs';
3
+
4
+ interface ACPConfig {
5
+ apiKey: string;
6
+ baseUrl?: string;
7
+ minTrustScore?: number;
8
+ requiredScope?: string;
9
+ }
10
+ interface CheckoutAuthorizationRequest {
11
+ agentId: string;
12
+ seller?: string;
13
+ amount?: number;
14
+ currency?: string;
15
+ minTrustScore?: number;
16
+ }
17
+ interface CheckoutAuthorization {
18
+ authorized: boolean;
19
+ agentId: string;
20
+ trustScore: number;
21
+ status: string;
22
+ reason?: string;
23
+ scopeVerified: boolean;
24
+ }
25
+ declare class VorimACP {
26
+ private sdk;
27
+ private minTrustScore;
28
+ private requiredScope;
29
+ constructor(sdk: VorimSDK, config?: Partial<ACPConfig>);
30
+ /**
31
+ * Verify an agent is authorized to initiate a checkout.
32
+ */
33
+ authorizeCheckout(req: CheckoutAuthorizationRequest): Promise<CheckoutAuthorization>;
34
+ /**
35
+ * Log a checkout lifecycle event.
36
+ */
37
+ logCheckoutCreated(agentId: string, checkoutId: string, seller?: string, amount?: number): Promise<void>;
38
+ logCheckoutCompleted(agentId: string, checkoutId: string, seller?: string, amount?: number): Promise<void>;
39
+ logCheckoutCanceled(agentId: string, checkoutId: string, reason?: string): Promise<void>;
40
+ /**
41
+ * Express/Connect middleware that requires transact permission.
42
+ */
43
+ middleware(options?: {
44
+ agentIdHeader?: string;
45
+ minTrustScore?: number;
46
+ }): (req: any, res: any, next: any) => Promise<void>;
47
+ private logEvent;
48
+ }
49
+ /**
50
+ * Create a VorimACP instance.
51
+ *
52
+ * @example
53
+ * ```typescript
54
+ * import createVorim from '@vorim/sdk';
55
+ * import { createVorimACP } from '@vorim/sdk/integrations/stripe-acp';
56
+ *
57
+ * const vorim = createVorim({ apiKey: 'agid_sk_...' });
58
+ * const acp = createVorimACP(vorim, { minTrustScore: 70 });
59
+ *
60
+ * // Verify before checkout
61
+ * const auth = await acp.authorizeCheckout({ agentId: 'agid_abc123', seller: 'shop', amount: 4999 });
62
+ *
63
+ * // Express middleware
64
+ * app.post('/checkouts', acp.middleware(), createCheckoutHandler);
65
+ * ```
66
+ */
67
+ declare function createVorimACP(sdk: VorimSDK, config?: Partial<ACPConfig>): VorimACP;
68
+
69
+ export { type ACPConfig, type CheckoutAuthorization, type CheckoutAuthorizationRequest, VorimACP, createVorimACP };
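Review bot: `CheckoutAuthorizationRequest.minTrustScore` is undocumented, and in this release's implementation it replaces the instance threshold (`req.minTrustScore ?? this.minTrustScore`), so a request object built from caller-controlled data can lower the bar to zero. I would add a TSDoc line on the field such as `/** Overrides the configured minimum for this call; set it only from trusted server-side code. */`. `ACPConfig` also declares a required `apiKey` and a `baseUrl`, while the constructor takes `Partial<ACPConfig>` and the implementation reads only `minTrustScore` and `requiredScope`, which invites callers to pass a secret that has no effect. The same declarations appear in the second declaration section that follows this one.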
@@ -0,0 +1,69 @@
1
+ import { VorimSDK } from '../index.js';
2
+ import '../types-B22WnXEW.js';
3
+
4
+ interface ACPConfig {
5
+ apiKey: string;
6
+ baseUrl?: string;
7
+ minTrustScore?: number;
8
+ requiredScope?: string;
9
+ }
10
+ interface CheckoutAuthorizationRequest {
11
+ agentId: string;
12
+ seller?: string;
13
+ amount?: number;
14
+ currency?: string;
15
+ minTrustScore?: number;
16
+ }
17
+ interface CheckoutAuthorization {
18
+ authorized: boolean;
19
+ agentId: string;
20
+ trustScore: number;
21
+ status: string;
22
+ reason?: string;
23
+ scopeVerified: boolean;
24
+ }
25
+ declare class VorimACP {
26
+ private sdk;
27
+ private minTrustScore;
28
+ private requiredScope;
29
+ constructor(sdk: VorimSDK, config?: Partial<ACPConfig>);
30
+ /**
31
+ * Verify an agent is authorized to initiate a checkout.
32
+ */
33
+ authorizeCheckout(req: CheckoutAuthorizationRequest): Promise<CheckoutAuthorization>;
34
+ /**
35
+ * Log a checkout lifecycle event.
36
+ */
37
+ logCheckoutCreated(agentId: string, checkoutId: string, seller?: string, amount?: number): Promise<void>;
38
+ logCheckoutCompleted(agentId: string, checkoutId: string, seller?: string, amount?: number): Promise<void>;
39
+ logCheckoutCanceled(agentId: string, checkoutId: string, reason?: string): Promise<void>;
40
+ /**
41
+ * Express/Connect middleware that requires transact permission.
42
+ */
43
+ middleware(options?: {
44
+ agentIdHeader?: string;
45
+ minTrustScore?: number;
46
+ }): (req: any, res: any, next: any) => Promise<void>;
47
+ private logEvent;
48
+ }
49
+ /**
50
+ * Create a VorimACP instance.
51
+ *
52
+ * @example
53
+ * ```typescript
54
+ * import createVorim from '@vorim/sdk';
55
+ * import { createVorimACP } from '@vorim/sdk/integrations/stripe-acp';
56
+ *
57
+ * const vorim = createVorim({ apiKey: 'agid_sk_...' });
58
+ * const acp = createVorimACP(vorim, { minTrustScore: 70 });
59
+ *
60
+ * // Verify before checkout
61
+ * const auth = await acp.authorizeCheckout({ agentId: 'agid_abc123', seller: 'shop', amount: 4999 });
62
+ *
63
+ * // Express middleware
64
+ * app.post('/checkouts', acp.middleware(), createCheckoutHandler);
65
+ * ```
66
+ */
67
+ declare function createVorimACP(sdk: VorimSDK, config?: Partial<ACPConfig>): VorimACP;
68
+
69
+ export { type ACPConfig, type CheckoutAuthorization, type CheckoutAuthorizationRequest, VorimACP, createVorimACP };
@@ -0,0 +1,153 @@
1
+ // src/integrations/stripe-acp.ts
2
+ var VorimACP = class {
3
+ sdk;
4
+ minTrustScore;
5
+ requiredScope;
6
+ constructor(sdk, config) {
7
+ this.sdk = sdk;
8
+ this.minTrustScore = config?.minTrustScore ?? 50;
9
+ this.requiredScope = config?.requiredScope ?? "agent:transact";
10
+ }
11
+ /**
12
+ * Verify an agent is authorized to initiate a checkout.
13
+ */
14
+ async authorizeCheckout(req) {
15
+ const threshold = req.minTrustScore ?? this.minTrustScore;
16
+ try {
17
+ const perm = await this.sdk.check(req.agentId, this.requiredScope);
18
+ if (!perm.allowed) {
19
+ await this.logEvent(req.agentId, "checkout.authorize", "denied", req, { reason: `Missing ${this.requiredScope}` });
20
+ return {
21
+ authorized: false,
22
+ agentId: req.agentId,
23
+ trustScore: 0,
24
+ status: "unknown",
25
+ reason: `Agent does not have ${this.requiredScope} permission`,
26
+ scopeVerified: false
27
+ };
28
+ }
29
+ } catch (e) {
30
+ await this.logEvent(req.agentId, "checkout.authorize", "denied", req, { reason: e.message });
31
+ return {
32
+ authorized: false,
33
+ agentId: req.agentId,
34
+ trustScore: 0,
35
+ status: "unknown",
36
+ reason: `Permission check failed: ${e.message}`,
37
+ scopeVerified: false
38
+ };
39
+ }
40
+ let score = 0;
41
+ let status = "unknown";
42
+ try {
43
+ const trust = await this.sdk.verify(req.agentId);
44
+ score = trust.trust_score ?? 0;
45
+ status = trust.status ?? "unknown";
46
+ } catch {
47
+ }
48
+ if (status !== "active") {
49
+ await this.logEvent(req.agentId, "checkout.authorize", "denied", req, { reason: `Status: ${status}` });
50
+ return {
51
+ authorized: false,
52
+ agentId: req.agentId,
53
+ trustScore: score,
54
+ status,
55
+ reason: `Agent is ${status}, not active`,
56
+ scopeVerified: true
57
+ };
58
+ }
59
+ if (score < threshold) {
60
+ await this.logEvent(req.agentId, "checkout.authorize", "denied", req, { reason: `Score ${score} < ${threshold}` });
61
+ return {
62
+ authorized: false,
63
+ agentId: req.agentId,
64
+ trustScore: score,
65
+ status,
66
+ reason: `Trust score ${score} is below minimum ${threshold}`,
67
+ scopeVerified: true
68
+ };
69
+ }
70
+ await this.logEvent(req.agentId, "checkout.authorize", "success", req, { trust_score: score });
71
+ return {
72
+ authorized: true,
73
+ agentId: req.agentId,
74
+ trustScore: score,
75
+ status,
76
+ scopeVerified: true
77
+ };
78
+ }
79
+ /**
80
+ * Log a checkout lifecycle event.
81
+ */
82
+ async logCheckoutCreated(agentId, checkoutId, seller, amount) {
83
+ await this.logEvent(agentId, "checkout.created", "success", { agentId, seller, amount }, { checkout_id: checkoutId });
84
+ }
85
+ async logCheckoutCompleted(agentId, checkoutId, seller, amount) {
86
+ await this.logEvent(agentId, "checkout.completed", "success", { agentId, seller, amount }, { checkout_id: checkoutId });
87
+ }
88
+ async logCheckoutCanceled(agentId, checkoutId, reason) {
89
+ await this.logEvent(agentId, "checkout.canceled", "success", { agentId }, { checkout_id: checkoutId, cancel_reason: reason });
90
+ }
91
+ /**
92
+ * Express/Connect middleware that requires transact permission.
93
+ */
94
+ middleware(options) {
95
+ const header = options?.agentIdHeader ?? "x-vorim-agent-id";
96
+ const threshold = options?.minTrustScore ?? this.minTrustScore;
97
+ return async (req, res, next) => {
98
+ const agentId = req.headers?.[header] || req.headers?.[header.toLowerCase()] || "";
99
+ if (!agentId) {
100
+ res.status(401).json({
101
+ error: { code: "MISSING_AGENT_ID", message: `Agent ID required in ${header} header` }
102
+ });
103
+ return;
104
+ }
105
+ const auth = await this.authorizeCheckout({
106
+ agentId,
107
+ seller: req.body?.seller || "",
108
+ amount: req.body?.amount || 0,
109
+ currency: req.body?.currency || "usd",
110
+ minTrustScore: threshold
111
+ });
112
+ if (!auth.authorized) {
113
+ res.status(403).json({
114
+ error: {
115
+ code: "UNAUTHORIZED_AGENT",
116
+ message: auth.reason || "Agent not authorized for transactions",
117
+ trust_score: auth.trustScore,
118
+ status: auth.status
119
+ }
120
+ });
121
+ return;
122
+ }
123
+ req.vorimAuthorization = auth;
124
+ next();
125
+ };
126
+ }
127
+ async logEvent(agentId, action, result, req, metadata) {
128
+ try {
129
+ await this.sdk.emit({
130
+ agent_id: agentId,
131
+ event_type: "api_request",
132
+ action,
133
+ result,
134
+ resource: req?.seller || "",
135
+ metadata: {
136
+ seller: req?.seller || "",
137
+ amount: req?.amount || 0,
138
+ currency: req?.currency || "",
139
+ ...metadata
140
+ }
141
+ });
142
+ } catch {
143
+ }
144
+ }
145
+ };
146
+ function createVorimACP(sdk, config) {
147
+ return new VorimACP(sdk, config);
148
+ }
149
+ export {
150
+ VorimACP,
151
+ createVorimACP
152
+ };
153
+ //# sourceMappingURL=stripe-acp.js.map
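Review bot: In `middleware`, the agent identity is whatever the caller puts in the `x-vorim-agent-id` header, and nothing visible in this section binds that value to the sender of the request, so the check answers "may this agent ID transact" rather than "is this caller that agent". Unless `sdk.check` and `sdk.verify` (not shown here) validate a credential, the middleware needs an authenticating layer in front of it, and the doc comment should say so, for example `Assumes an upstream layer has authenticated the caller as the agent named in the header; this middleware does not verify possession of the agent identity.` The 403 body also returns `trust_score` and `status` to the caller for the ID it supplied; I would drop those two fields from the response and keep them in the audit event only. Separately, `score < threshold` is false when `threshold` is `NaN`, so a non-numeric `minTrustScore` would authorize an active agent regardless of score; a `Number.isFinite` check where the threshold is read would close that. `logEvent` swallows every `emit` failure, so a denied or granted authorization can go unrecorded with no signal to the operator.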
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/integrations/stripe-acp.ts"],"sourcesContent":["// ============================================================================\n// Vorim AI — Stripe Agentic Commerce Protocol (ACP) Integration\n//\n// Adds agent identity verification and permission checking before agents can\n// initiate payments via Stripe ACP. Ensures only authorized agents with the\n// 'transact' permission scope can create checkouts and complete purchases.\n//\n// Usage:\n// import { createVorimACP } from '@vorim/sdk/integrations/stripe-acp';\n//\n// const acp = createVorimACP({ apiKey: 'agid_sk_...', minTrustScore: 60 });\n//\n// // Before creating a Stripe ACP checkout\n// const auth = await acp.authorizeCheckout({\n// agentId: 'agid_abc123',\n// seller: 'acme-store',\n// amount: 9999,\n// currency: 'usd',\n// });\n//\n// if (auth.authorized) {\n// // Proceed with Stripe checkout\n// }\n//\n// // Express middleware\n// app.post('/checkouts', acp.middleware(), (req, res) => {\n// // Only reached if agent has transact permission + trust score passes\n// });\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\n\nexport interface ACPConfig {\n apiKey: string;\n baseUrl?: string;\n minTrustScore?: number;\n requiredScope?: string;\n}\n\nexport interface CheckoutAuthorizationRequest {\n agentId: string;\n seller?: string;\n amount?: number;\n currency?: string;\n minTrustScore?: number;\n}\n\nexport interface CheckoutAuthorization {\n authorized: boolean;\n agentId: string;\n trustScore: number;\n status: string;\n reason?: string;\n scopeVerified: boolean;\n}\n\nexport class VorimACP {\n private sdk: VorimSDK;\n private minTrustScore: number;\n private requiredScope: string;\n\n constructor(sdk: VorimSDK, config?: Partial<ACPConfig>) {\n this.sdk = sdk;\n this.minTrustScore = config?.minTrustScore ?? 50;\n this.requiredScope = config?.requiredScope ?? 
'agent:transact';\n }\n\n /**\n * Verify an agent is authorized to initiate a checkout.\n */\n async authorizeCheckout(req: CheckoutAuthorizationRequest): Promise<CheckoutAuthorization> {\n const threshold = req.minTrustScore ?? this.minTrustScore;\n\n // Check transact permission\n try {\n const perm = await this.sdk.check(req.agentId, this.requiredScope as any);\n if (!(perm as any).allowed) {\n await this.logEvent(req.agentId, 'checkout.authorize', 'denied', req, { reason: `Missing ${this.requiredScope}` });\n return {\n authorized: false,\n agentId: req.agentId,\n trustScore: 0,\n status: 'unknown',\n reason: `Agent does not have ${this.requiredScope} permission`,\n scopeVerified: false,\n };\n }\n } catch (e: any) {\n await this.logEvent(req.agentId, 'checkout.authorize', 'denied', req, { reason: e.message });\n return {\n authorized: false,\n agentId: req.agentId,\n trustScore: 0,\n status: 'unknown',\n reason: `Permission check failed: ${e.message}`,\n scopeVerified: false,\n };\n }\n\n // Verify trust score\n let score = 0;\n let status = 'unknown';\n try {\n const trust = await this.sdk.verify(req.agentId);\n score = (trust as any).trust_score ?? 0;\n status = (trust as any).status ?? 
'unknown';\n } catch {\n // Trust verification failed\n }\n\n if (status !== 'active') {\n await this.logEvent(req.agentId, 'checkout.authorize', 'denied', req, { reason: `Status: ${status}` });\n return {\n authorized: false,\n agentId: req.agentId,\n trustScore: score,\n status,\n reason: `Agent is ${status}, not active`,\n scopeVerified: true,\n };\n }\n\n if (score < threshold) {\n await this.logEvent(req.agentId, 'checkout.authorize', 'denied', req, { reason: `Score ${score} < ${threshold}` });\n return {\n authorized: false,\n agentId: req.agentId,\n trustScore: score,\n status,\n reason: `Trust score ${score} is below minimum ${threshold}`,\n scopeVerified: true,\n };\n }\n\n await this.logEvent(req.agentId, 'checkout.authorize', 'success', req, { trust_score: score });\n\n return {\n authorized: true,\n agentId: req.agentId,\n trustScore: score,\n status,\n scopeVerified: true,\n };\n }\n\n /**\n * Log a checkout lifecycle event.\n */\n async logCheckoutCreated(agentId: string, checkoutId: string, seller?: string, amount?: number): Promise<void> {\n await this.logEvent(agentId, 'checkout.created', 'success', { agentId, seller, amount }, { checkout_id: checkoutId });\n }\n\n async logCheckoutCompleted(agentId: string, checkoutId: string, seller?: string, amount?: number): Promise<void> {\n await this.logEvent(agentId, 'checkout.completed', 'success', { agentId, seller, amount }, { checkout_id: checkoutId });\n }\n\n async logCheckoutCanceled(agentId: string, checkoutId: string, reason?: string): Promise<void> {\n await this.logEvent(agentId, 'checkout.canceled', 'success', { agentId }, { checkout_id: checkoutId, cancel_reason: reason });\n }\n\n /**\n * Express/Connect middleware that requires transact permission.\n */\n middleware(options?: { agentIdHeader?: string; minTrustScore?: number }) {\n const header = options?.agentIdHeader ?? 'x-vorim-agent-id';\n const threshold = options?.minTrustScore ?? 
this.minTrustScore;\n\n return async (req: any, res: any, next: any) => {\n const agentId = req.headers?.[header] || req.headers?.[header.toLowerCase()] || '';\n\n if (!agentId) {\n res.status(401).json({\n error: { code: 'MISSING_AGENT_ID', message: `Agent ID required in ${header} header` },\n });\n return;\n }\n\n const auth = await this.authorizeCheckout({\n agentId,\n seller: req.body?.seller || '',\n amount: req.body?.amount || 0,\n currency: req.body?.currency || 'usd',\n minTrustScore: threshold,\n });\n\n if (!auth.authorized) {\n res.status(403).json({\n error: {\n code: 'UNAUTHORIZED_AGENT',\n message: auth.reason || 'Agent not authorized for transactions',\n trust_score: auth.trustScore,\n status: auth.status,\n },\n });\n return;\n }\n\n req.vorimAuthorization = auth;\n next();\n };\n }\n\n private async logEvent(\n agentId: string,\n action: string,\n result: 'success' | 'denied' | 'error',\n req?: any,\n metadata?: Record<string, any>,\n ): Promise<void> {\n try {\n // Use the canonical audit-event contract: event_type from the\n // AuditEventType enum ('api_request' for a payment authorization) and\n // `result` (not the non-existent `outcome`) from the AuditResult enum.\n await this.sdk.emit({\n agent_id: agentId,\n event_type: 'api_request',\n action,\n result,\n resource: req?.seller || '',\n metadata: {\n seller: req?.seller || '',\n amount: req?.amount || 0,\n currency: req?.currency || '',\n ...metadata,\n },\n });\n } catch {\n // Don't block commerce flow\n }\n }\n}\n\n/**\n * Create a VorimACP instance.\n *\n * @example\n * ```typescript\n * import createVorim from '@vorim/sdk';\n * import { createVorimACP } from '@vorim/sdk/integrations/stripe-acp';\n *\n * const vorim = createVorim({ apiKey: 'agid_sk_...' 
});\n * const acp = createVorimACP(vorim, { minTrustScore: 70 });\n *\n * // Verify before checkout\n * const auth = await acp.authorizeCheckout({ agentId: 'agid_abc123', seller: 'shop', amount: 4999 });\n *\n * // Express middleware\n * app.post('/checkouts', acp.middleware(), createCheckoutHandler);\n * ```\n */\nexport function createVorimACP(sdk: VorimSDK, config?: Partial<ACPConfig>): VorimACP {\n return new VorimACP(sdk, config);\n}\n"],"mappings":";AAwDO,IAAM,WAAN,MAAe;AAAA,EACZ;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAY,KAAe,QAA6B;AACtD,SAAK,MAAM;AACX,SAAK,gBAAgB,QAAQ,iBAAiB;AAC9C,SAAK,gBAAgB,QAAQ,iBAAiB;AAAA,EAChD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB,KAAmE;AACzF,UAAM,YAAY,IAAI,iBAAiB,KAAK;AAG5C,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,IAAI,MAAM,IAAI,SAAS,KAAK,aAAoB;AACxE,UAAI,CAAE,KAAa,SAAS;AAC1B,cAAM,KAAK,SAAS,IAAI,SAAS,sBAAsB,UAAU,KAAK,EAAE,QAAQ,WAAW,KAAK,aAAa,GAAG,CAAC;AACjH,eAAO;AAAA,UACL,YAAY;AAAA,UACZ,SAAS,IAAI;AAAA,UACb,YAAY;AAAA,UACZ,QAAQ;AAAA,UACR,QAAQ,uBAAuB,KAAK,aAAa;AAAA,UACjD,eAAe;AAAA,QACjB;AAAA,MACF;AAAA,IACF,SAAS,GAAQ;AACf,YAAM,KAAK,SAAS,IAAI,SAAS,sBAAsB,UAAU,KAAK,EAAE,QAAQ,EAAE,QAAQ,CAAC;AAC3F,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,SAAS,IAAI;AAAA,QACb,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,QAAQ,4BAA4B,EAAE,OAAO;AAAA,QAC7C,eAAe;AAAA,MACjB;AAAA,IACF;AAGA,QAAI,QAAQ;AACZ,QAAI,SAAS;AACb,QAAI;AACF,YAAM,QAAQ,MAAM,KAAK,IAAI,OAAO,IAAI,OAAO;AAC/C,cAAS,MAAc,eAAe;AACtC,eAAU,MAAc,UAAU;AAAA,IACpC,QAAQ;AAAA,IAER;AAEA,QAAI,WAAW,UAAU;AACvB,YAAM,KAAK,SAAS,IAAI,SAAS,sBAAsB,UAAU,KAAK,EAAE,QAAQ,WAAW,MAAM,GAAG,CAAC;AACrG,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,SAAS,IAAI;AAAA,QACb,YAAY;AAAA,QACZ;AAAA,QACA,QAAQ,YAAY,MAAM;AAAA,QAC1B,eAAe;AAAA,MACjB;AAAA,IACF;AAEA,QAAI,QAAQ,WAAW;AACrB,YAAM,KAAK,SAAS,IAAI,SAAS,sBAAsB,UAAU,KAAK,EAAE,QAAQ,SAAS,KAAK,MAAM,SAAS,GAAG,CAAC;AACjH,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,SAAS,IAAI;AAAA,QACb,YAAY;AAAA,QACZ;AAAA,QACA,QAAQ,eAAe,KAAK,qBAAqB,SAAS;AAAA,QAC1D,eAAe;AAAA,MACjB;AAAA,IACF;AAEA,UAAM,KAAK,SAAS,IAAI,SAAS,sBAAsB,WAAW,KAAK,EAAE,aAAa,MAAM,CAAC;AAE7F,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,SAA
S,IAAI;AAAA,MACb,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,IACjB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,SAAiB,YAAoB,QAAiB,QAAgC;AAC7G,UAAM,KAAK,SAAS,SAAS,oBAAoB,WAAW,EAAE,SAAS,QAAQ,OAAO,GAAG,EAAE,aAAa,WAAW,CAAC;AAAA,EACtH;AAAA,EAEA,MAAM,qBAAqB,SAAiB,YAAoB,QAAiB,QAAgC;AAC/G,UAAM,KAAK,SAAS,SAAS,sBAAsB,WAAW,EAAE,SAAS,QAAQ,OAAO,GAAG,EAAE,aAAa,WAAW,CAAC;AAAA,EACxH;AAAA,EAEA,MAAM,oBAAoB,SAAiB,YAAoB,QAAgC;AAC7F,UAAM,KAAK,SAAS,SAAS,qBAAqB,WAAW,EAAE,QAAQ,GAAG,EAAE,aAAa,YAAY,eAAe,OAAO,CAAC;AAAA,EAC9H;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,SAA8D;AACvE,UAAM,SAAS,SAAS,iBAAiB;AACzC,UAAM,YAAY,SAAS,iBAAiB,KAAK;AAEjD,WAAO,OAAO,KAAU,KAAU,SAAc;AAC9C,YAAM,UAAU,IAAI,UAAU,MAAM,KAAK,IAAI,UAAU,OAAO,YAAY,CAAC,KAAK;AAEhF,UAAI,CAAC,SAAS;AACZ,YAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACnB,OAAO,EAAE,MAAM,oBAAoB,SAAS,wBAAwB,MAAM,UAAU;AAAA,QACtF,CAAC;AACD;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,KAAK,kBAAkB;AAAA,QACxC;AAAA,QACA,QAAQ,IAAI,MAAM,UAAU;AAAA,QAC5B,QAAQ,IAAI,MAAM,UAAU;AAAA,QAC5B,UAAU,IAAI,MAAM,YAAY;AAAA,QAChC,eAAe;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,KAAK,YAAY;AACpB,YAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACnB,OAAO;AAAA,YACL,MAAM;AAAA,YACN,SAAS,KAAK,UAAU;AAAA,YACxB,aAAa,KAAK;AAAA,YAClB,QAAQ,KAAK;AAAA,UACf;AAAA,QACF,CAAC;AACD;AAAA,MACF;AAEA,UAAI,qBAAqB;AACzB,WAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,MAAc,SACZ,SACA,QACA,QACA,KACA,UACe;AACf,QAAI;AAIF,YAAM,KAAK,IAAI,KAAK;AAAA,QAClB,UAAU;AAAA,QACV,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,QACA,UAAU,KAAK,UAAU;AAAA,QACzB,UAAU;AAAA,UACR,QAAQ,KAAK,UAAU;AAAA,UACvB,QAAQ,KAAK,UAAU;AAAA,UACvB,UAAU,KAAK,YAAY;AAAA,UAC3B,GAAG;AAAA,QACL;AAAA,MACF,CAAC;AAAA,IACH,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAoBO,SAAS,eAAe,KAAe,QAAuC;AACnF,SAAO,IAAI,SAAS,KAAK,MAAM;AACjC;","names":[]}
@@ -0,0 +1,252 @@
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
+ var __export = (target, all) => {
9
+ for (var name in all)
10
+ __defProp(target, name, { get: all[name], enumerable: true });
11
+ };
12
+ var __copyProps = (to, from, except, desc) => {
13
+ if (from && typeof from === "object" || typeof from === "function") {
14
+ for (let key of __getOwnPropNames(from))
15
+ if (!__hasOwnProp.call(to, key) && key !== except)
16
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
17
+ }
18
+ return to;
19
+ };
20
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
+ // If the importer is in node compatibility mode or this is not an ESM
22
+ // file that has been converted to a CommonJS file using a Babel-
23
+ // compatible transform (i.e. "__esModule" has not been set), then set
24
+ // "default" to the CommonJS "module.exports" for node compatibility.
25
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
+ mod
27
+ ));
28
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
+
30
+ // src/integrations/vercel-ai.ts
31
+ var vercel_ai_exports = {};
32
+ __export(vercel_ai_exports, {
33
+ wrapVercelTool: () => wrapVercelTool,
34
+ wrapVercelTools: () => wrapVercelTools
35
+ });
36
+ module.exports = __toCommonJS(vercel_ai_exports);
37
+
38
+ // src/integrations/_runtime-gate.ts
39
+ function isAllowVerdict(decision) {
40
+ return decision === "allow" || decision === "modify" || decision === "fallback";
41
+ }
42
+ async function runtimeGate(vorim, agentId, actionTarget, scope, payload, opts = {}) {
43
+ const onEscalation = opts.onEscalation ?? "wait";
44
+ const d = await vorim.beforeAction(
45
+ { agentId, actionType: "tool_call", actionTarget, requiredScope: scope, payload },
46
+ { throwOnDeny: false }
47
+ );
48
+ if (d.decision !== "escalate") {
49
+ return { allowed: isAllowVerdict(d.decision), reason: d.reason, decisionId: d.decisionId || void 0 };
50
+ }
51
+ if (onEscalation === "allow") {
52
+ return { allowed: true, reason: d.reason ?? "escalated (auto-allowed)", decisionId: d.decisionId || void 0 };
53
+ }
54
+ if (onEscalation === "deny") {
55
+ return { allowed: false, reason: d.reason ?? "escalated (auto-denied \u2014 awaiting human)", decisionId: d.decisionId || void 0 };
56
+ }
57
+ if (!d.decisionId) {
58
+ return { allowed: false, reason: "escalated but no decisionId to poll", decisionId: void 0 };
59
+ }
60
+ try {
61
+ const resolved = await vorim.waitForDecisionResolution(d.decisionId, { timeoutMs: opts.escalationTimeoutMs });
62
+ return { allowed: isAllowVerdict(resolved.decision), reason: resolved.reason, decisionId: resolved.decisionId || d.decisionId };
63
+ } catch {
64
+ return { allowed: false, reason: "escalation not resolved before timeout", decisionId: d.decisionId };
65
+ }
66
+ }
67
+
68
+ // src/replay.ts
69
+ function jcsCanonicalise(value) {
70
+ if (value === null) return "null";
71
+ if (value === true) return "true";
72
+ if (value === false) return "false";
73
+ if (typeof value === "number") {
74
+ if (!Number.isFinite(value)) {
75
+ throw new Error("jcsCanonicalise: NaN and Infinity are not JCS-valid");
76
+ }
77
+ return value.toString();
78
+ }
79
+ if (typeof value === "string") {
80
+ return JSON.stringify(value);
81
+ }
82
+ if (Array.isArray(value)) {
83
+ return "[" + value.map(jcsCanonicalise).join(",") + "]";
84
+ }
85
+ if (typeof value === "object") {
86
+ const obj = value;
87
+ const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
88
+ const parts = keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalise(obj[k]));
89
+ return "{" + parts.join(",") + "}";
90
+ }
91
+ throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);
92
+ }
93
+ async function sha256Hex(input) {
94
+ const bytes = typeof input === "string" ? new TextEncoder().encode(input) : input;
95
+ const subtle = globalThis.crypto?.subtle;
96
+ if (subtle) {
97
+ const buf = await subtle.digest("SHA-256", bytes);
98
+ return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("");
99
+ }
100
+ const nodeCrypto = await import("crypto");
101
+ return nodeCrypto.createHash("sha256").update(bytes).digest("hex");
102
+ }
103
+ async function hashTool(tool) {
104
+ const normalised = {
105
+ name: tool.name,
106
+ description: tool.description ?? "",
107
+ schema: tool.schema ?? {}
108
+ };
109
+ const hex = await sha256Hex(jcsCanonicalise(normalised));
110
+ return `sha256:${hex}`;
111
+ }
112
+ async function hashToolCatalogue(tools) {
113
+ if (tools.length === 0) {
114
+ return `sha256:${await sha256Hex("[]")}`;
115
+ }
116
+ const perTool = await Promise.all(tools.map(hashTool));
117
+ perTool.sort();
118
+ const hex = await sha256Hex(perTool.join(""));
119
+ return `sha256:${hex}`;
120
+ }
121
+ async function hashSystemPrompt(prompt) {
122
+ const hex = await sha256Hex(prompt);
123
+ return `sha256:${hex}`;
124
+ }
125
+ async function prepareReplayContext(inputs) {
126
+ const ctx = {};
127
+ if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;
128
+ if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);
129
+ if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);
130
+ return ctx;
131
+ }
132
+
133
+ // src/integrations/vercel-ai.ts
134
+ function truncate(s, max) {
135
+ return s.length > max ? s.slice(0, max) + "\u2026" : s;
136
+ }
137
+ async function gate(cfg, scope, actionTarget, payload) {
138
+ if (cfg.useRuntimeControl) {
139
+ return runtimeGate(cfg.vorim, cfg.agentId, actionTarget, scope, payload, {
140
+ onEscalation: cfg.onEscalation,
141
+ escalationTimeoutMs: cfg.escalationTimeoutMs
142
+ });
143
+ }
144
+ const { allowed, reason } = await cfg.vorim.check(cfg.agentId, scope);
145
+ return { allowed, reason };
146
+ }
147
+ function emitAudit(vorim, event, asyncAudit) {
148
+ if (asyncAudit) {
149
+ vorim.emit(event).catch(() => {
150
+ });
151
+ return;
152
+ }
153
+ return vorim.emit(event).then(() => void 0).catch(() => void 0);
154
+ }
155
+ function makeReplayGetter(replay) {
156
+ if (!replay) return async () => ({});
157
+ let cached = null;
158
+ return () => {
159
+ if (!cached) cached = prepareReplayContext(replay);
160
+ return cached;
161
+ };
162
+ }
163
+ function wrapVercelTool(name, tool, config) {
164
+ const { vorim, defaultPermission = "agent:execute", permissionMap = {}, asyncAudit = true } = config;
165
+ if (typeof tool.execute !== "function") return tool;
166
+ const originalExecute = tool.execute.bind(tool);
167
+ const getReplay = makeReplayGetter(config.replay);
168
+ const scope = permissionMap[name] ?? defaultPermission;
169
+ const guarded = {
170
+ ...tool,
171
+ execute: async (args, options) => {
172
+ const { allowed, reason, decisionId } = await gate(config, scope, name, args);
173
+ const replayCtx = await getReplay();
174
+ const resource = truncate(safeJson(args), 500);
175
+ if (!allowed) {
176
+ await emitAudit(vorim, {
177
+ agent_id: config.agentId,
178
+ event_type: "tool_call",
179
+ action: name,
180
+ resource,
181
+ permission: scope,
182
+ result: "denied",
183
+ ...decisionId ? { decision_id: decisionId } : {},
184
+ metadata: { reason, framework: "vercel-ai" },
185
+ ...replayCtx
186
+ }, asyncAudit);
187
+ throw new Error(`Vorim: permission denied for "${name}" \u2014 scope "${scope}"${reason ? `: ${reason}` : ""}`);
188
+ }
189
+ const start = Date.now();
190
+ try {
191
+ const result = await originalExecute(args, options);
192
+ await emitAudit(vorim, {
193
+ agent_id: config.agentId,
194
+ event_type: "tool_call",
195
+ action: name,
196
+ resource,
197
+ permission: scope,
198
+ result: "success",
199
+ latency_ms: Date.now() - start,
200
+ ...decisionId ? { decision_id: decisionId } : {},
201
+ metadata: { framework: "vercel-ai" },
202
+ ...replayCtx
203
+ }, asyncAudit);
204
+ return result;
205
+ } catch (err) {
206
+ await emitAudit(vorim, {
207
+ agent_id: config.agentId,
208
+ event_type: "tool_call",
209
+ action: name,
210
+ resource,
211
+ permission: scope,
212
+ result: "error",
213
+ latency_ms: Date.now() - start,
214
+ error_code: err instanceof Error ? err.name : "UNKNOWN",
215
+ ...decisionId ? { decision_id: decisionId } : {},
216
+ metadata: { error: err instanceof Error ? err.message : String(err), framework: "vercel-ai" },
217
+ ...replayCtx
218
+ }, asyncAudit);
219
+ throw err;
220
+ }
221
+ }
222
+ };
223
+ return guarded;
224
+ }
225
+ function wrapVercelTools(tools, config) {
226
+ const cfg = config.replay && !config.replay.tools ? { ...config, replay: { ...config.replay, tools: deriveCatalogue(tools) } } : config;
227
+ const out = {};
228
+ for (const [name, tool] of Object.entries(tools)) {
229
+ out[name] = wrapVercelTool(name, tool, cfg);
230
+ }
231
+ return out;
232
+ }
233
+ function deriveCatalogue(tools) {
234
+ return Object.entries(tools).map(([name, t]) => ({
235
+ name,
236
+ description: typeof t.description === "string" ? t.description : "",
237
+ schema: t.inputSchema ?? t.parameters ?? {}
238
+ }));
239
+ }
240
+ function safeJson(v) {
241
+ try {
242
+ return JSON.stringify(v);
243
+ } catch {
244
+ return String(v);
245
+ }
246
+ }
247
+ // Annotate the CommonJS export names for ESM import in node:
248
+ 0 && (module.exports = {
249
+ wrapVercelTool,
250
+ wrapVercelTools
251
+ });
252
+ //# sourceMappingURL=vercel-ai.cjs.map
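Review bot: `isAllowVerdict` counts `modify` and `fallback` as allow, but `runtimeGate` returns only `allowed`, `reason` and `decisionId`, and `execute` then calls `originalExecute(args, options)` with the caller's original arguments. If a `modify` decision is meant to carry a rewritten or redacted payload (the decision shape is not visible here), that rewrite is silently dropped and the tool runs as if the verdict were a plain allow; either apply the modified payload or treat `modify` as a deny until it is supported. Also, `resource` is `truncate(safeJson(args), 500)`, so up to 500 characters of raw tool arguments go into every audit event; a redaction hook in the config, or recording a hash of the arguments instead, would keep secrets and personal data out of the trail. Finally, `await getReplay()` sits outside the `try` and ahead of the denied-path audit, and `makeReplayGetter` caches the promise, so a single `jcsCanonicalise` throw on an unsupported schema value fails every later call to that tool without any audit event being emitted.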
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/integrations/vercel-ai.ts","../../src/integrations/_runtime-gate.ts","../../src/replay.ts"],"sourcesContent":["// ============================================================================\n// VORIM SDK — Vercel AI SDK Integration\n// Wraps Vercel AI SDK tools with Vorim permission checks, runtime control,\n// and signed audit trails. Works with the `tool()` helper from the `ai`\n// package (v3/v4): each tool is an object with an async `execute(args, opts)`.\n//\n// Peer dependency: ai >=3.0.0\n//\n// Usage:\n// import { tool } from 'ai';\n// import createVorim from '@vorim/sdk';\n// import { wrapVercelTools } from '@vorim/sdk/integrations/vercel-ai';\n//\n// const vorim = createVorim({ apiKey: 'agid_sk_live_...' });\n//\n// const tools = wrapVercelTools(\n// {\n// searchDocs: tool({ description: '...', parameters: z.object({...}), execute: async ({ query }) => ... }),\n// sendEmail: tool({ description: '...', parameters: z.object({...}), execute: async ({ to }) => ... }),\n// },\n// { vorim, agentId: 'agid_acme_a1b2c3d4', permissionMap: { sendEmail: 'agent:communicate' } },\n// );\n//\n// const result = await generateText({ model, tools, prompt });\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { PermissionScope, AuditEventInput } from '../types.js';\nimport { runtimeGate, type EscalationPolicy } from './_runtime-gate.js';\nimport {\n prepareReplayContext,\n type ReplayInputs,\n type ReplayContext,\n type CatalogueTool,\n} from '../replay.js';\n\n// ─── Re-declared Vercel AI SDK shape (peer dependency — not bundled) ───────\n//\n// A Vercel `tool()` result. 
We only touch `execute`; everything else\n// (description, parameters/inputSchema) is passed through untouched, so this\n// stays compatible across AI SDK minor versions that rename schema fields.\ninterface VercelTool {\n description?: string;\n parameters?: unknown; // AI SDK v3/early v4\n inputSchema?: unknown; // AI SDK v4+\n execute?: (args: any, options?: any) => Promise<any> | any;\n [k: string]: unknown;\n}\n\n// ─── Configuration ──────────────────────────────────────────────────────────\n\nexport interface VorimVercelConfig {\n /** Vorim SDK instance. */\n vorim: VorimSDK;\n /** The Vorim agent_id (e.g. agid_acme_a1b2c3d4). */\n agentId: string;\n /** Per-tool permission scope override, keyed by tool name. */\n permissionMap?: Record<string, PermissionScope>;\n /** Default scope for tools without an entry in permissionMap. @default 'agent:execute' */\n defaultPermission?: PermissionScope;\n /** Emit audit events fire-and-forget. @default true */\n asyncAudit?: boolean;\n /**\n * Gate each tool call through the runtime-control decision API\n * (`beforeAction`) instead of the lightweight permission check. @default false\n *\n * When true, each call is evaluated against your live policy rules and the\n * returned decisionId is linked onto every audit event's decision_id.\n * Requires the runtime_control plan feature (Growth+) and consumes decision\n * quota. When false (default) the fast permission check is used.\n */\n useRuntimeControl?: boolean;\n /**\n * What to do when a runtime decision returns `escalate` (a human must\n * approve). Only applies when `useRuntimeControl` is true.\n * - `wait` (default) block and poll until a human approves/denies, or the\n * timeout elapses (→ deny). Requires the `runtime:decide` scope.\n * - `deny` fail closed without waiting.\n * - `allow` proceed (fail OPEN — dev/trusted use only).\n * @default 'wait'\n */\n onEscalation?: EscalationPolicy;\n /** Timeout (ms) for `onEscalation: 'wait'`. 
@default 300000 */\n escalationTimeoutMs?: number;\n /**\n * Replayable agent decision evidence (VAIP -02). When provided, the hashes\n * are attached to every audit event. If `replay.tools` is not given, the\n * wrapped tools' own catalogue is derived automatically.\n */\n replay?: ReplayInputs;\n}\n\nfunction truncate(s: string, max: number): string {\n return s.length > max ? s.slice(0, max) + '…' : s;\n}\n\nasync function gate(\n cfg: VorimVercelConfig,\n scope: PermissionScope,\n actionTarget: string,\n payload?: Record<string, unknown>,\n): Promise<{ allowed: boolean; reason?: string; decisionId?: string }> {\n if (cfg.useRuntimeControl) {\n return runtimeGate(cfg.vorim, cfg.agentId, actionTarget, scope, payload, {\n onEscalation: cfg.onEscalation,\n escalationTimeoutMs: cfg.escalationTimeoutMs,\n });\n }\n const { allowed, reason } = await cfg.vorim.check(cfg.agentId, scope);\n return { allowed, reason };\n}\n\nfunction emitAudit(vorim: VorimSDK, event: AuditEventInput, asyncAudit: boolean): Promise<void> | void {\n if (asyncAudit) {\n vorim.emit(event).catch(() => {});\n return;\n }\n return vorim.emit(event).then(() => undefined).catch(() => undefined);\n}\n\n/** Lazy replay-context getter — computes hashes once, reuses thereafter. */\nfunction makeReplayGetter(replay: ReplayInputs | undefined): () => Promise<ReplayContext> {\n if (!replay) return async () => ({});\n let cached: Promise<ReplayContext> | null = null;\n return () => {\n if (!cached) cached = prepareReplayContext(replay);\n return cached;\n };\n}\n\n// ─── Wrappers ────────────────────────────────────────────────────────────────\n\n/**\n * Wrap a single Vercel AI SDK tool so every execution is gated by a Vorim\n * permission/runtime check and recorded in the signed audit trail. 
A denied\n * call throws (so the AI SDK records a tool error) and is audited as `denied`.\n * Tools with no `execute` (client-side / provider-executed tools) pass through\n * unchanged.\n */\nexport function wrapVercelTool(name: string, tool: VercelTool, config: VorimVercelConfig): VercelTool {\n const { vorim, defaultPermission = 'agent:execute', permissionMap = {}, asyncAudit = true } = config;\n if (typeof tool.execute !== 'function') return tool; // nothing to guard\n\n const originalExecute = tool.execute.bind(tool);\n const getReplay = makeReplayGetter(config.replay);\n const scope = permissionMap[name] ?? defaultPermission;\n\n const guarded: VercelTool = {\n ...tool,\n execute: async (args: any, options?: any): Promise<any> => {\n const { allowed, reason, decisionId } = await gate(config, scope, name, args as Record<string, unknown>);\n const replayCtx = await getReplay();\n const resource = truncate(safeJson(args), 500);\n\n if (!allowed) {\n await emitAudit(vorim, {\n agent_id: config.agentId,\n event_type: 'tool_call',\n action: name,\n resource,\n permission: scope,\n result: 'denied',\n ...(decisionId ? { decision_id: decisionId } : {}),\n metadata: { reason, framework: 'vercel-ai' },\n ...replayCtx,\n }, asyncAudit);\n throw new Error(`Vorim: permission denied for \"${name}\" — scope \"${scope}\"${reason ? `: ${reason}` : ''}`);\n }\n\n const start = Date.now();\n try {\n const result = await originalExecute(args, options);\n await emitAudit(vorim, {\n agent_id: config.agentId,\n event_type: 'tool_call',\n action: name,\n resource,\n permission: scope,\n result: 'success',\n latency_ms: Date.now() - start,\n ...(decisionId ? 
{ decision_id: decisionId } : {}),\n metadata: { framework: 'vercel-ai' },\n ...replayCtx,\n }, asyncAudit);\n return result;\n } catch (err) {\n await emitAudit(vorim, {\n agent_id: config.agentId,\n event_type: 'tool_call',\n action: name,\n resource,\n permission: scope,\n result: 'error',\n latency_ms: Date.now() - start,\n error_code: err instanceof Error ? err.name : 'UNKNOWN',\n ...(decisionId ? { decision_id: decisionId } : {}),\n metadata: { error: err instanceof Error ? err.message : String(err), framework: 'vercel-ai' },\n ...replayCtx,\n }, asyncAudit);\n throw err;\n }\n },\n };\n\n return guarded;\n}\n\n/**\n * Wrap the `tools` object you pass to generateText / streamText. Returns a new\n * object with every executable tool guarded. If `replay.tools` was not provided,\n * the tool catalogue is derived from these tools automatically.\n */\nexport function wrapVercelTools(\n tools: Record<string, VercelTool>,\n config: VorimVercelConfig,\n): Record<string, VercelTool> {\n // Auto-derive the replay tool catalogue from the tools when not supplied.\n const cfg: VorimVercelConfig =\n config.replay && !config.replay.tools\n ? { ...config, replay: { ...config.replay, tools: deriveCatalogue(tools) } }\n : config;\n\n const out: Record<string, VercelTool> = {};\n for (const [name, tool] of Object.entries(tools)) {\n out[name] = wrapVercelTool(name, tool, cfg);\n }\n return out;\n}\n\nfunction deriveCatalogue(tools: Record<string, VercelTool>): CatalogueTool[] {\n return Object.entries(tools).map(([name, t]) => ({\n name,\n description: typeof t.description === 'string' ? t.description : '',\n schema: (t.inputSchema ?? t.parameters ?? 
{}) as Record<string, unknown>,\n }));\n}\n\nfunction safeJson(v: unknown): string {\n try {\n return JSON.stringify(v);\n } catch {\n return String(v);\n }\n}\n","// ============================================================================\n// VORIM SDK — Shared runtime-gate helper for framework integrations\n//\n// All tool-wrapping integrations (Vercel, OpenAI, Anthropic, …) turn a\n// `beforeAction` runtime decision into a simple { allowed, reason, decisionId }\n// the wrapper can act on. The subtlety is the `escalate` verdict: it is NOT a\n// denial — it means a human must approve the action. Folding it into\n// `allowed=false` silently breaks every human-in-the-loop flow; folding it into\n// `allowed=true` is a fail-open security hole. So this helper resolves the\n// escalation explicitly, driven by the caller's `onEscalation` preference.\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { RuntimeDecision, PermissionScope } from '../types.js';\n\n/**\n * How a framework integration should treat a runtime `escalate` verdict.\n * - `wait` — block and poll {@link VorimSDK.waitForDecisionResolution} until a\n * human approves/denies (or the timeout elapses → deny). The correct\n * default for human-in-the-loop: an escalation means \"ask a human\".\n * - `deny` — treat escalate as a denial (fail closed without waiting).\n * - `allow` — treat escalate as allowed (fail OPEN — only for trusted/dev use).\n */\nexport type EscalationPolicy = 'wait' | 'deny' | 'allow';\n\nexport interface RuntimeGateOptions {\n /** What to do on an `escalate` verdict. @default 'wait' */\n onEscalation?: EscalationPolicy;\n /** Timeout (ms) for `onEscalation: 'wait'`. @default 300000 (5 min) */\n escalationTimeoutMs?: number;\n}\n\nexport interface GateResult {\n allowed: boolean;\n reason?: string;\n decisionId?: string;\n}\n\n/** True for verdicts that permit the action to proceed. 
`escalate` is handled separately. */\nfunction isAllowVerdict(decision: RuntimeDecision['decision']): boolean {\n return decision === 'allow' || decision === 'modify' || decision === 'fallback';\n}\n\n/**\n * Run a `beforeAction` runtime decision and collapse it to a {@link GateResult},\n * resolving `escalate` per {@link RuntimeGateOptions.onEscalation}.\n *\n * Requires (for `onEscalation: 'wait'`) an API key with the `runtime:decide`\n * scope — the same scope `beforeAction` itself uses.\n */\nexport async function runtimeGate(\n vorim: VorimSDK,\n agentId: string,\n actionTarget: string,\n scope: PermissionScope,\n payload: Record<string, unknown> | undefined,\n opts: RuntimeGateOptions = {},\n): Promise<GateResult> {\n const onEscalation = opts.onEscalation ?? 'wait';\n const d = await vorim.beforeAction(\n { agentId, actionType: 'tool_call', actionTarget, requiredScope: scope, payload },\n { throwOnDeny: false },\n );\n\n if (d.decision !== 'escalate') {\n return { allowed: isAllowVerdict(d.decision), reason: d.reason, decisionId: d.decisionId || undefined };\n }\n\n // escalate ── a human must decide.\n if (onEscalation === 'allow') {\n return { allowed: true, reason: d.reason ?? 'escalated (auto-allowed)', decisionId: d.decisionId || undefined };\n }\n if (onEscalation === 'deny') {\n return { allowed: false, reason: d.reason ?? 'escalated (auto-denied — awaiting human)', decisionId: d.decisionId || undefined };\n }\n // 'wait' — poll for the human decision. 
On timeout, fail closed (deny).\n if (!d.decisionId) {\n return { allowed: false, reason: 'escalated but no decisionId to poll', decisionId: undefined };\n }\n try {\n const resolved = await vorim.waitForDecisionResolution(d.decisionId, { timeoutMs: opts.escalationTimeoutMs });\n return { allowed: isAllowVerdict(resolved.decision), reason: resolved.reason, decisionId: resolved.decisionId || d.decisionId };\n } catch {\n // ESCALATION_TIMEOUT (or any poll error) → fail closed.\n return { allowed: false, reason: 'escalation not resolved before timeout', decisionId: d.decisionId };\n }\n}\n","/**\n * Replayable agent decision evidence helpers.\n *\n * Canonical-form hashing for the VAIP -02 schema fields that the SDK\n * attaches to audit events. The hashes recorded in audit_events.tool_catalogue_hash\n * and audit_events.system_prompt_hash use these functions, so the bytes\n * an auditor or counterparty reconstructs must match what the SDK produced.\n *\n * These helpers are intentionally separate from the signing path. The\n * v0 canonical signature form (event_type|action|resource|input_hash|\n * output_hash|result) does NOT cover model_version, tool_catalogue_hash,\n * or system_prompt_hash. They will enter the canonical bytes in v1\n * (RFC 8785 JCS) in a follow-up release.\n *\n * Stable across SDK versions: the canonical-form version is documented\n * in CANONICAL_TOOL_CATALOGUE_VERSION. Future changes get a v2 etc;\n * never edit the existing v1 logic, or already-recorded hashes lose\n * their meaning.\n */\n\n// ─── Versioning ───────────────────────────────────────────────────────────\n\n/**\n * Canonical-form version for tool catalogue hashes produced by this SDK.\n * Recorded in tool_catalogue_canon_version on the event metadata (when\n * the metadata field is used) so verifiers know which hash recipe to\n * reproduce. 
Increment ONLY if the algorithm changes in a way that\n * would change the hash for the same logical catalogue.\n */\nexport const CANONICAL_TOOL_CATALOGUE_VERSION = 'v1' as const;\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Minimum shape a tool needs for catalogue hashing. The framework\n * integrations adapt their native tool objects to this shape before\n * calling hashToolCatalogue.\n */\nexport interface CatalogueTool {\n /** The name the model sees and calls. Required. */\n name: string;\n /** Human-readable description shown to the model. Optional; absent ↔ empty string. */\n description?: string;\n /**\n * JSON Schema describing the tool's input parameters. Optional;\n * absent ↔ empty object `{}`. The schema gets RFC 8785 JCS-canonicalised\n * before hashing so semantically-equivalent variations (key order,\n * whitespace) produce the same hash.\n */\n schema?: Record<string, unknown> | null;\n}\n\n// ─── RFC 8785 JCS subset ──────────────────────────────────────────────────\n\n/**\n * RFC 8785 JSON Canonicalization Scheme, sufficient subset for tool\n * catalogue values.\n *\n * Rules:\n * - Object keys sorted lexicographically by UTF-16 code units (which\n * is what JS string comparison does naturally).\n * - No whitespace between tokens.\n * - Numbers: integers as integers, finite floats per ECMAScript\n * Number.prototype.toString. 
JCS forbids NaN and Infinity.\n * - Strings: JSON-escape using minimal set per RFC 8259 § 7.\n * - null, true, false, arrays: as JSON.stringify produces them, since\n * JSON.stringify already produces the canonical form for these.\n *\n * Not vendoring a full library because tool schemas don't carry\n * non-integer numbers in practice and the JS spec for Number.toString\n * happens to coincide with JCS § 3.2.2.2 for the integer case.\n */\nexport function jcsCanonicalise(value: unknown): string {\n if (value === null) return 'null';\n if (value === true) return 'true';\n if (value === false) return 'false';\n\n if (typeof value === 'number') {\n if (!Number.isFinite(value)) {\n throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');\n }\n // For integers in safe range, .toString() matches JCS. For\n // non-integer floats, .toString() also matches in modern JS\n // engines (V8, JavaScriptCore, SpiderMonkey all use the shortest\n // round-trip representation, which is what JCS § 3.2.2.2 requires).\n return value.toString();\n }\n\n if (typeof value === 'string') {\n return JSON.stringify(value);\n }\n\n if (Array.isArray(value)) {\n return '[' + value.map(jcsCanonicalise).join(',') + ']';\n }\n\n if (typeof value === 'object') {\n const obj = value as Record<string, unknown>;\n // Filter undefined-valued fields, matching @vorim/verify and\n // @vorim/shared-types. 
Without this the SDK throws on { a: 1, b: undefined }\n // while the verifier silently drops b — a cross-module canonical-form\n // divergence that would break signature verification on such events.\n const keys = Object.keys(obj).filter(k => obj[k] !== undefined).sort();\n const parts = keys.map(k => JSON.stringify(k) + ':' + jcsCanonicalise(obj[k]));\n return '{' + parts.join(',') + '}';\n }\n\n // undefined, function, symbol, bigint — not JSON-representable\n throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);\n}\n\n// ─── SHA-256 ──────────────────────────────────────────────────────────────\n\nasync function sha256Hex(input: string | Uint8Array): Promise<string> {\n const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input;\n\n // Node.js Web Crypto (Node 18+) supports digest. Browser Web Crypto does too.\n // Fall back to node:crypto if Web Crypto is unavailable.\n const subtle = (globalThis as any).crypto?.subtle;\n if (subtle) {\n const buf = await subtle.digest('SHA-256', bytes);\n return Array.from(new Uint8Array(buf))\n .map(b => b.toString(16).padStart(2, '0'))\n .join('');\n }\n\n // Node fallback\n const nodeCrypto = await import('node:crypto');\n return nodeCrypto.createHash('sha256').update(bytes).digest('hex');\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Hash a single tool definition. Returns `sha256:<hex>`.\n *\n * Canonical form (v1):\n * JCS-canonicalised JSON of `{name, description, schema}` where\n * absent fields substitute `description: \"\"` and `schema: {}`.\n */\nexport async function hashTool(tool: CatalogueTool): Promise<string> {\n const normalised = {\n name: tool.name,\n description: tool.description ?? '',\n schema: tool.schema ?? {},\n };\n const hex = await sha256Hex(jcsCanonicalise(normalised));\n return `sha256:${hex}`;\n}\n\n/**\n * Hash an entire tool catalogue. 
Returns `sha256:<hex>`.\n *\n * Reordering tools does NOT change the hash (tool hashes sorted\n * lexicographically before concatenation). Adding, removing, or\n * modifying a tool DOES change the hash.\n *\n * Per-tool hashing first means a verifier comparing two catalogue\n * hashes that differ can also be given the per-tool hashes to\n * identify which specific tool changed.\n */\nexport async function hashToolCatalogue(tools: CatalogueTool[]): Promise<string> {\n if (tools.length === 0) {\n // Empty catalogue has a deterministic, stable hash distinct from \"no field\"\n return `sha256:${await sha256Hex('[]')}`;\n }\n const perTool = await Promise.all(tools.map(hashTool));\n perTool.sort();\n const hex = await sha256Hex(perTool.join(''));\n return `sha256:${hex}`;\n}\n\n/**\n * Hash a system prompt. Returns `sha256:<hex>`.\n *\n * The prompt is UTF-8 encoded and hashed verbatim — no normalisation.\n * If a caller wants to ignore whitespace or comment differences, they\n * should normalise before calling. The intent here is deterministic\n * reproducibility, not semantic equivalence.\n */\nexport async function hashSystemPrompt(prompt: string): Promise<string> {\n const hex = await sha256Hex(prompt);\n return `sha256:${hex}`;\n}\n\n/**\n * Convenience: hash the previous event's canonical bytes for use in\n * the prev_event_hash field of hash-chained ingest. Caller provides\n * the canonical bytes (use canonicalPayloadV0 from the main module).\n */\nexport async function hashPreviousEvent(canonicalBytes: string): Promise<string> {\n const hex = await sha256Hex(canonicalBytes);\n return `sha256:${hex}`;\n}\n\n// ─── Replay context — framework integration helper ────────────────────────\n\n/**\n * Raw inputs the integration captures from the framework. Set by the\n * integration's config; turned into hashes by {@link prepareReplayContext}.\n */\nexport interface ReplayInputs {\n /** Stable identifier for the model. E.g. `\"anthropic:claude-opus-4-8\"`. 
*/\n modelVersion?: string;\n /** Tools available to the agent at call time. Hashed via {@link hashToolCatalogue}. */\n tools?: CatalogueTool[];\n /** System prompt active at call time. Hashed via {@link hashSystemPrompt}. */\n systemPrompt?: string;\n}\n\n/**\n * Pre-computed hashes ready to attach to audit events. The three keys\n * match the audit_events column names.\n */\nexport interface ReplayContext {\n model_version?: string;\n tool_catalogue_hash?: string;\n system_prompt_hash?: string;\n}\n\n/**\n * Compute replay context once from raw inputs. Use at integration\n * setup time so each emit can attach the hashes without re-hashing.\n *\n * Returns an object suitable for spreading into an AuditEventInput:\n * `await vorim.emit({ ...event, ...replayContext })`\n *\n * If a field is absent in the inputs, it is absent in the result\n * (not the empty string). That keeps the event lean.\n */\nexport async function prepareReplayContext(\n inputs: ReplayInputs,\n): Promise<ReplayContext> {\n const ctx: ReplayContext = {};\n if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;\n if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);\n if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);\n return 
ctx;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACuCA,SAAS,eAAe,UAAgD;AACtE,SAAO,aAAa,WAAW,aAAa,YAAY,aAAa;AACvE;AASA,eAAsB,YACpB,OACA,SACA,cACA,OACA,SACA,OAA2B,CAAC,GACP;AACrB,QAAM,eAAe,KAAK,gBAAgB;AAC1C,QAAM,IAAI,MAAM,MAAM;AAAA,IACpB,EAAE,SAAS,YAAY,aAAa,cAAc,eAAe,OAAO,QAAQ;AAAA,IAChF,EAAE,aAAa,MAAM;AAAA,EACvB;AAEA,MAAI,EAAE,aAAa,YAAY;AAC7B,WAAO,EAAE,SAAS,eAAe,EAAE,QAAQ,GAAG,QAAQ,EAAE,QAAQ,YAAY,EAAE,cAAc,OAAU;AAAA,EACxG;AAGA,MAAI,iBAAiB,SAAS;AAC5B,WAAO,EAAE,SAAS,MAAM,QAAQ,EAAE,UAAU,4BAA4B,YAAY,EAAE,cAAc,OAAU;AAAA,EAChH;AACA,MAAI,iBAAiB,QAAQ;AAC3B,WAAO,EAAE,SAAS,OAAO,QAAQ,EAAE,UAAU,iDAA4C,YAAY,EAAE,cAAc,OAAU;AAAA,EACjI;AAEA,MAAI,CAAC,EAAE,YAAY;AACjB,WAAO,EAAE,SAAS,OAAO,QAAQ,uCAAuC,YAAY,OAAU;AAAA,EAChG;AACA,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,0BAA0B,EAAE,YAAY,EAAE,WAAW,KAAK,oBAAoB,CAAC;AAC5G,WAAO,EAAE,SAAS,eAAe,SAAS,QAAQ,GAAG,QAAQ,SAAS,QAAQ,YAAY,SAAS,cAAc,EAAE,WAAW;AAAA,EAChI,QAAQ;AAEN,WAAO,EAAE,SAAS,OAAO,QAAQ,0CAA0C,YAAY,EAAE,WAAW;AAAA,EACtG;AACF;;;ACdO,SAAS,gBAAgB,OAAwB;AACtD,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,MAAO,QAAO;AAE5B,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAKA,WAAO,MAAM,SAAS;AAAA,EACxB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,MAAM;AAKZ,UAAM,OAAO,OAAO,KAAK,GAAG,EAAE,OAAO,OAAK,IAAI,CAAC,MAAM,MAAS,EAAE,KAAK;AACrE,UAAM,QAAQ,KAAK,IAAI,OAAK,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAgB,IAAI,CAAC,CAAC,CAAC;AAC7E,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,4CAA4C,OAAO,KAAK,EAAE;AAC5E;AAIA,eAAe,UAAU,OAA6C;AACpE,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAI5E,QAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,QAAQ;AACV,UAAM,MAAM,MAAM,OAAO,OAAO,WAAW,KAAK;AAChD,WAAO,MAAM,KAAK,IAAI,WAAW,GAAG,CAAC,EAClC,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AAAA,EACZ;AAGA,QAAM,aAAa,MAAM,OAAO,QAAa;AAC7C,S
AAO,WAAW,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AACnE;AAWA,eAAsB,SAAS,MAAsC;AACnE,QAAM,aAAa;AAAA,IACjB,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,QAAQ,KAAK,UAAU,CAAC;AAAA,EAC1B;AACA,QAAM,MAAM,MAAM,UAAU,gBAAgB,UAAU,CAAC;AACvD,SAAO,UAAU,GAAG;AACtB;AAaA,eAAsB,kBAAkB,OAAyC;AAC/E,MAAI,MAAM,WAAW,GAAG;AAEtB,WAAO,UAAU,MAAM,UAAU,IAAI,CAAC;AAAA,EACxC;AACA,QAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,QAAQ,CAAC;AACrD,UAAQ,KAAK;AACb,QAAM,MAAM,MAAM,UAAU,QAAQ,KAAK,EAAE,CAAC;AAC5C,SAAO,UAAU,GAAG;AACtB;AAUA,eAAsB,iBAAiB,QAAiC;AACtE,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,SAAO,UAAU,GAAG;AACtB;AA+CA,eAAsB,qBACpB,QACwB;AACxB,QAAM,MAAqB,CAAC;AAC5B,MAAI,OAAO,aAAc,KAAI,gBAAgB,OAAO;AACpD,MAAI,OAAO,MAAO,KAAI,sBAAsB,MAAM,kBAAkB,OAAO,KAAK;AAChF,MAAI,OAAO,aAAc,KAAI,qBAAqB,MAAM,iBAAiB,OAAO,YAAY;AAC5F,SAAO;AACT;;;AFlJA,SAAS,SAAS,GAAW,KAAqB;AAChD,SAAO,EAAE,SAAS,MAAM,EAAE,MAAM,GAAG,GAAG,IAAI,WAAM;AAClD;AAEA,eAAe,KACb,KACA,OACA,cACA,SACqE;AACrE,MAAI,IAAI,mBAAmB;AACzB,WAAO,YAAY,IAAI,OAAO,IAAI,SAAS,cAAc,OAAO,SAAS;AAAA,MACvE,cAAc,IAAI;AAAA,MAClB,qBAAqB,IAAI;AAAA,IAC3B,CAAC;AAAA,EACH;AACA,QAAM,EAAE,SAAS,OAAO,IAAI,MAAM,IAAI,MAAM,MAAM,IAAI,SAAS,KAAK;AACpE,SAAO,EAAE,SAAS,OAAO;AAC3B;AAEA,SAAS,UAAU,OAAiB,OAAwB,YAA2C;AACrG,MAAI,YAAY;AACd,UAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAChC;AAAA,EACF;AACA,SAAO,MAAM,KAAK,KAAK,EAAE,KAAK,MAAM,MAAS,EAAE,MAAM,MAAM,MAAS;AACtE;AAGA,SAAS,iBAAiB,QAAgE;AACxF,MAAI,CAAC,OAAQ,QAAO,aAAa,CAAC;AAClC,MAAI,SAAwC;AAC5C,SAAO,MAAM;AACX,QAAI,CAAC,OAAQ,UAAS,qBAAqB,MAAM;AACjD,WAAO;AAAA,EACT;AACF;AAWO,SAAS,eAAe,MAAc,MAAkB,QAAuC;AACpG,QAAM,EAAE,OAAO,oBAAoB,iBAAiB,gBAAgB,CAAC,GAAG,aAAa,KAAK,IAAI;AAC9F,MAAI,OAAO,KAAK,YAAY,WAAY,QAAO;AAE/C,QAAM,kBAAkB,KAAK,QAAQ,KAAK,IAAI;AAC9C,QAAM,YAAY,iBAAiB,OAAO,MAAM;AAChD,QAAM,QAAQ,cAAc,IAAI,KAAK;AAErC,QAAM,UAAsB;AAAA,IAC1B,GAAG;AAAA,IACH,SAAS,OAAO,MAAW,YAAgC;AACzD,YAAM,EAAE,SAAS,QAAQ,WAAW,IAAI,MAAM,KAAK,QAAQ,OAAO,MAAM,IAA+B;AACvG,YAAM,YAAY,MAAM,UAAU;AAClC,YAAM,WAAW,SAAS,SAAS,IAAI,GAAG,GAAG;AAE7C,UAAI,CAAC,SAAS;AACZ,cAAM,UAAU,OAAO;AAAA,UACrB,UAAU,OAAO;AAAA,UACjB,YAAY;
AAAA,UACZ,QAAQ;AAAA,UACR;AAAA,UACA,YAAY;AAAA,UACZ,QAAQ;AAAA,UACR,GAAI,aAAa,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,UAChD,UAAU,EAAE,QAAQ,WAAW,YAAY;AAAA,UAC3C,GAAG;AAAA,QACL,GAAG,UAAU;AACb,cAAM,IAAI,MAAM,iCAAiC,IAAI,mBAAc,KAAK,IAAI,SAAS,KAAK,MAAM,KAAK,EAAE,EAAE;AAAA,MAC3G;AAEA,YAAM,QAAQ,KAAK,IAAI;AACvB,UAAI;AACF,cAAM,SAAS,MAAM,gBAAgB,MAAM,OAAO;AAClD,cAAM,UAAU,OAAO;AAAA,UACrB,UAAU,OAAO;AAAA,UACjB,YAAY;AAAA,UACZ,QAAQ;AAAA,UACR;AAAA,UACA,YAAY;AAAA,UACZ,QAAQ;AAAA,UACR,YAAY,KAAK,IAAI,IAAI;AAAA,UACzB,GAAI,aAAa,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,UAChD,UAAU,EAAE,WAAW,YAAY;AAAA,UACnC,GAAG;AAAA,QACL,GAAG,UAAU;AACb,eAAO;AAAA,MACT,SAAS,KAAK;AACZ,cAAM,UAAU,OAAO;AAAA,UACrB,UAAU,OAAO;AAAA,UACjB,YAAY;AAAA,UACZ,QAAQ;AAAA,UACR;AAAA,UACA,YAAY;AAAA,UACZ,QAAQ;AAAA,UACR,YAAY,KAAK,IAAI,IAAI;AAAA,UACzB,YAAY,eAAe,QAAQ,IAAI,OAAO;AAAA,UAC9C,GAAI,aAAa,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,UAChD,UAAU,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,GAAG,WAAW,YAAY;AAAA,UAC5F,GAAG;AAAA,QACL,GAAG,UAAU;AACb,cAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAOO,SAAS,gBACd,OACA,QAC4B;AAE5B,QAAM,MACJ,OAAO,UAAU,CAAC,OAAO,OAAO,QAC5B,EAAE,GAAG,QAAQ,QAAQ,EAAE,GAAG,OAAO,QAAQ,OAAO,gBAAgB,KAAK,EAAE,EAAE,IACzE;AAEN,QAAM,MAAkC,CAAC;AACzC,aAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,KAAK,GAAG;AAChD,QAAI,IAAI,IAAI,eAAe,MAAM,MAAM,GAAG;AAAA,EAC5C;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAoD;AAC3E,SAAO,OAAO,QAAQ,KAAK,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO;AAAA,IAC/C;AAAA,IACA,aAAa,OAAO,EAAE,gBAAgB,WAAW,EAAE,cAAc;AAAA,IACjE,QAAS,EAAE,eAAe,EAAE,cAAc,CAAC;AAAA,EAC7C,EAAE;AACJ;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;","names":[]}